Login anomaly or security issue? (fwd)

MegaZone (megazone@livingston.com)
Fri, 25 Jul 1997 14:58:24 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Paul Gregg: "Re: Radius 2.01 patches"
Previous message: Paul Gregg: "Re: Need Radius log analysis tools!"

Once upon a time Jason Robbins shaped the electrons to say...
>username, a space and his lastname, 'joe last'. He authenticated
>just fine, and a show session listed him as 'joe last', as did the detail

This is a well known issue. Up to 2.0.1 RADIUS truncated on spaces -
so it actually validated 'joe'. But the PM holds only the entire field
in the show, and also sends that to accounting.

In 2.0.1 usernames with spaces are denied.

-MZ

--
Livingston Enterprises - Chair, Department of Interstitial Affairs
Phone: 800-458-9966 510-737-2100 FAX: 510-737-2110 megazone@livingston.com
For support requests: support@livingston.com  <http://www.livingston.com/> 
Snail mail: 4464 Willow Road, Pleasanton, CA 94588

Next message: Paul Gregg: "Re: Radius 2.01 patches"
Previous message: Paul Gregg: "Re: Need Radius log analysis tools!"